I have written a couple of posts now on Configuration Items and Baselines in Configuration Manager so I thought it was time to collect them all here with a call for action! Create your own CI’s and Baseline to make sure that you don’t have any configuration drift out there. Many settings are configured using Group Policy and that is perfect but how many actually monitors the local event log on all computers to make sure they are applied?!
Yet we really on them for the configuration of our clients and security settings….
I have written some posts on how to monitor some features in Windows 10:
- The Local administrator account disabled – https://4sysops.com/archives/disable-the-local-administrator-account-with-sccm/
- Monitoring LAPS with Configuration Manager – https://4sysops.com/archives/monitoring-laps-with-configuration-manager/
- Configuration Manager CI to check that credential guard is running – https://ccmexec.com/2017/04/configmgr-ci-to-check-that-credential-guard-is-running/
- ConfigMgr CI to check Applocker is configured and running – https://ccmexec.com/2017/04/configmgr-ci-to-check-applocker-is-configured-and-running/
If we combine them we get a start at least, add your own settings that are important in your environment
There is a great script as well by Sam Roberts that can be used to export a Group Policy to a .CAB file so you can start getting information how your clients actually are configured!
So take the time to create a baseline with everything that is important in your environment!!